This document discusses open source software licenses and managing open source code. It provides an overview of common open source licenses like GPL, MIT, and BSD licenses. It also discusses risks of license incompatibility and how to detect open source code dependencies. The document recommends that developers choose licenses carefully, document code properly, and that companies establish open source policies.

1. 4 décembre 2020
ULiège - Interface Entreprises
Recherche & Innovation
Managing Open source licenses

3. Jérémie Fays
Civil engineer in geology
@ Interface ULg since 2004
Freelance :
▸ Websites
▸ Photographer : Insta @jeremiefays
Geek
Geek Anonymes : https://www.recherche.uliege.be/geeksanonymes

4. What is Open Source ?

5. History
• 1950 : software source freely available
• 1974 : Software copyright
• 1985 : Free Software foundation
• 1989 : GPLv1 license (copyleft )
• 4 freedoms : run, study, modify, distribute
• 1998 : Open Source Initiative
• Today : OS won the war !

6. Licenses
No license = no rights !

7. Licenses
Public domain
(WTFPL)
Open source (FOSS)
Academic / permissive
MIT, BSD, Apache, X11
Weak copyleft
LGPL, MPL
Strong copyleft
GPL, EUPL
Super strong copyleft
AGPL
Closed source (commercial)
Freeware
Shareware /
freemium
Other commercial
licenses

8. MIT, BSD,ISC,
Apache v2.0
GPL v2-3
LGPL v2-3 Others (100+)
Data from Blackduck, June 2018
Permissive
Copyleft
Weak copyleft
Most used OS licenses…

9. Apache v2.0, MIT, BSD
No copyleft
Could be integrated in closed source software
You must mention authors
Trigger : distribution

10. GPL v3
Strong copyleft
Source code has to be available
‘contaminates’ the whole work
You must mention authors
Trigger : distribution

11. GPL v2
Strong copyleft
You must mention authors
Source code has to be available
‘contaminates’ the whole work
Incompatible with a lot of common licenses
Trigger : distribution

12. AGPL v3
“Affero GPL”
Super strong copyleft
Source code has to be available
‘contaminates’ the whole work
You must mention authors
Trigger : distribution & interactions through a network

13. LGPL v3
Weak copyleft
Could be integrated in closed source software, provided you
make possible to link with another version of the library
Intended for libraries
You must mention authors
Trigger : distribution

14. Creative Commons licenses
Not adapted to software!
Adapted to documentation
Attribution
Attribution
No derivatives
Attribution
No commercial use
Share alike
Attribution
Share alike
Attribution
No commercial use
Attribution
No commercial use
No derivatives

15. How contaminating is copyleft (GPL) ?

16. Copyleft “contamination”
• Compiled in 1 executable à contamination
• Calling another executable and sharing data through
command line or file à no contamination
• Run a software on a ‘copyleft’ operating system à
no contamination from OS
• Interact with a webservice through standardized
protocol (query online database with SQL) à no
contamination

17. Copyleft “contamination”
But a lot of grey zone…

18. Are there compatibility problems ?

19. “I don’t like to give bad
news”
© Jérémie fays

20. PhD Thesis - SimCity
Effect of urban development on traffic jam
SimCity
2D engine for maps
Export to xls
Color picker (palette)

21. PhD Thesis - SimCity
SimCity
2D engine for maps
Export to xls
Color picker (palette)
May I sell
Licenses ?
Effect of urban development on traffic jam

22. PhD Thesis - SimCity
SimCity
2D engine for maps
Export to xls
Color picker (palette)
May I sell
Licenses ?
Effect of urban development on traffic jam

23. PhD Thesis - SimCity
SimCity
2D engine for maps
Export to xls
Color picker (palette)
May I Open
Source ?
Effect of urban development on traffic jam

24. PhD Thesis - SimCity
SimCity
2D engine for maps
Export to xls
Color picker (palette)
May I Open
Source ?
Effect of urban development on traffic jam

25. Some known compatibilty problems
• BSD-4 à GPL
• Apache v1, v1.1 à GPL
• GPLv2 à GPLv3
• GPLv3 à GPLv2
• MPLv1.1 à GPL
! GPL compatible licences
https://www.gnu.org/licenses/license-list

26. Dual licensing
Purpose :
▸ Prevent compatibility issues (ex : using GPL v2+)
▸ Run a dual licensing business model
Needs agreement of all rights owners
▸ 1 owner, or…
▸ All owners agree, or…
▸ Unify rights via CLA (Contributor License Agreement)

27. Freedom to operate
Source : David A. Wheeler

28. How do I detect Open Source ?

29. How to detect Open Source ?
1. Ask the developers (Uliège : Software disclosure form)
2. Source code scanning tool
▸ open source licence finder
▸ Fossology (free)
▸ open source code finder
▸ Synopsys (Black Duck) – also binary detection
▸ Antelink
▸ Revenera

30. How to solve incompatibility ?

31. How to solve incompatibility ?
• Don’t bother (short code)
• Rewrite
• Replace with another library
• Ask authors for a different license
• Split your software (if at all possible)

32. What are the risks ?

33. What are the risks ?
1. OS license incompatibility in an open source project
è Reputation
è Trouble in OS community
è (Lawsuit)
è Stop distribution

34. What are the risks ?
2. Copyleft code in commercial code
è Development costs to clear the situation
è Lawsuit
è reputation
è open your code !!
è pay damages
è Dev companies : your customer could be sued

35. How to manage Open Source ?

36. For developpers…
• Choose a distribution strategy from the start
(commercial, permissive, copyleft…)
• and choose dependencies with a compatible license
• Ask your employer
• Before contributing to an open source project
• Before integrating OS in the company software !

37. For developpers…
• Document your code with legal stuff
• Copyright and license header in each source file
• LICENSE and AUTHOR file
• Use a Version Control System (Git, SVN…)
• Test in branches
• Track who did what
• Use Fossology

38. For companies…
Setup an Open Source Policy !

39. For companies : Open Source Policy
• OS licenses allowed, and not allowed
• Other criteria : maintenance, quality, security…
• Clear and rapid validation procedure
• Contributing to an open source project
• Inventory of dependencies
• Use tracking tools

40. Jérémie Fays
j.fays@uliege.be
+32 4 349 85 21
www.linkedin.com/in/jeremiefays
Need some advice ?